From owner-svn-src-stable-7@FreeBSD.ORG Mon Aug 29 20:00:57 2011 Return-Path: Delivered-To: svn-src-stable-7@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id B9C361065674; Mon, 29 Aug 2011 20:00:57 +0000 (UTC) (envelope-from mm@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 90B9D8FC21; Mon, 29 Aug 2011 20:00:57 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.4/8.14.4) with ESMTP id p7TK0vhK010581; Mon, 29 Aug 2011 20:00:57 GMT (envelope-from mm@svn.freebsd.org) Received: (from mm@localhost) by svn.freebsd.org (8.14.4/8.14.4/Submit) id p7TK0vvW010579; Mon, 29 Aug 2011 20:00:57 GMT (envelope-from mm@svn.freebsd.org) Message-Id: <201108292000.p7TK0vvW010579@svn.freebsd.org> From: Martin Matuska Date: Mon, 29 Aug 2011 20:00:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-7@freebsd.org X-SVN-Group: stable-7 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r225250 - stable/7/usr.sbin/makefs X-BeenThere: svn-src-stable-7@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: SVN commit messages for only the 7-stable src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Aug 2011 20:00:57 -0000 Author: mm Date: Mon Aug 29 20:00:57 2011 New Revision: 225250 URL: http://svn.freebsd.org/changeset/base/225250 Log: Fix buffer overflow and possible ISO image corruption in wrong handling of "." character case in makefs ISO level 1 and 2 filename conversion. Filed as NetBSD PR #45285 http://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=45285 Reviewed by: Christos Zoulas Modified: stable/7/usr.sbin/makefs/cd9660.c Directory Properties: stable/7/usr.sbin/makefs/ (props changed) Modified: stable/7/usr.sbin/makefs/cd9660.c ============================================================================== --- stable/7/usr.sbin/makefs/cd9660.c Mon Aug 29 20:00:29 2011 (r225249) +++ stable/7/usr.sbin/makefs/cd9660.c Mon Aug 29 20:00:57 2011 (r225250) @@ -1627,7 +1627,7 @@ cd9660_level1_convert_filename(const cha int extlen = 0; int found_ext = 0; - while (*oldname != '\0') { + while (*oldname != '\0' && extlen < 3) { /* Handle period first, as it is special */ if (*oldname == '.') { if (found_ext) { @@ -1644,10 +1644,8 @@ cd9660_level1_convert_filename(const cha *oldname == ',' && strlen(oldname) == 4) break; /* Enforce 12.3 / 8 */ - if (((namelen == 8) && !found_ext) || - (found_ext && extlen == 3)) { + if (namelen == 8 && !found_ext) break; - } if (islower((unsigned char)*oldname)) *newname++ = toupper((unsigned char)*oldname); @@ -1690,7 +1688,7 @@ cd9660_level2_convert_filename(const cha int extlen = 0; int found_ext = 0; - while (*oldname != '\0') { + while (*oldname != '\0' && namelen + extlen < 30) { /* Handle period first, as it is special */ if (*oldname == '.') { if (found_ext) { @@ -1710,8 +1708,6 @@ cd9660_level2_convert_filename(const cha if (diskStructure.archimedes_enabled && *oldname == ',' && strlen(oldname) == 4) break; - if ((namelen + extlen) == 30) - break; if (islower((unsigned char)*oldname)) *newname++ = toupper((unsigned char)*oldname);